Precision Loss in getPrice Function
Summary
The getPrice() function’s integer division truncates fractions, causing the sliding price to drop in abrupt steps rather than a smooth curve. This medium-impact, high-likelihood issue reduces pricing accuracy over time, confusing users and potentially affecting auction dynamics, especially with long durations or small price ranges.
Vulnerability Details
The function calculates a linear price decrease from startingPrice to reservePrice over time, but Solidity’s integer division discards remainders. Example:
Auction lasts 1 day (86,400 seconds), startingPrice = 1e6 (1 USDC), reservePrice = 0.
After 1 second: (1e6 * 1) / 86,400 = 11.57…, truncated to 11.
Price stays at 999,989 for a while, then jumps, lacking granularity.
This stepwise decline misrepresents the intended smooth progression.
Impact
Users experience inconsistent pricing, a medium-impact issue that could confuse or deter participation. The high likelihood occurs in any auction with significant duration or small price deltas, where precision loss becomes noticeable and disrupts expectations.
Tools Used
Manual Code Review: To analyze the pricing formula’s behavior.
Recommendations
Scale calculations for finer precision:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.